e1e290548ad09ff4907e60a1d0634800_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e1e290548ad09ff4907e60a1d0634800_JaffaCakes118
Size

46KB
MD5

e1e290548ad09ff4907e60a1d0634800
SHA1

69475f3556a23bccacc09f5a5d1e2309da7c4dd9
SHA256

05b28e259a680afa1bb9eb31740205a36343a8ece91984bb63fd6d0018335c1f
SHA512

0750d71db4be7c90c7e16298cbadb0eefd6d9cb9b5f4610fac2113fa138c91303e68a71329af739fc9093719c867f0828d0fbb081b24668eb9145e7874125285
SSDEEP

768:QxcQRJ6Azg5PX9pidK0izJgVa2UIWSv1J86Q3ox:hQRJx8PXryVa2UHG1JSox

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1e290548ad09ff4907e60a1d0634800_JaffaCakes118

Files

e1e290548ad09ff4907e60a1d0634800_JaffaCakes118
.exe windows:4 windows x86 arch:x86

32a64b9e079bd524bc663f8a3db68c18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
gethostbyname
select
WSAStartup
WSACleanup
htons
socket
connect
send
closesocket
recv

user32

CharLowerA

advapi32

RegSetValueExA
DeleteService
ControlService
CreateServiceA
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfig2A
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
GetUserNameA
RegCloseKey
RegCreateKeyExA

shfolder

SHGetFolderPathA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
LCMapStringA
LCMapStringW
OpenMutexA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
CloseHandle
CreateProcessA
ExitThread
ExitProcess
GetTempPathA
Sleep
ReleaseMutex
GetTickCount
CreateMutexA
lstrcmpiA
SetFileAttributesA
GetLastError
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleA
SetErrorMode
CopyFileA
GetProcAddress
LoadLibraryA
MultiByteToWideChar
SetFileTime
GetFileTime
CreateFileA
GetSystemDirectoryA
SetEvent
DeleteFileA
LocalFree
LocalAlloc
WaitForSingleObject
CreateThread
HeapAlloc
HeapFree
GetStartupInfoA
GetCommandLineA
GetVersion
WriteFile
ReadFile
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
SetFilePointer

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

32a64b9e079bd524bc663f8a3db68c18

Headers

File Characteristics

Imports

ws2_32

user32

advapi32

shfolder

version

kernel32

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 19KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 19KB